Persistent Cross-Site Scripting (XSS) Demo

If you ever wanted to know how cross-site scripting works, look no further. The video was created by Aleksander Gorkowienko, a database and application security expert with the company 7safe.

In “Cross-Site Scripting Explained”, Aleksander simulates an XSS attack against a fictitious online financial company. He demonstrates how a hacker could jump from one authenticated user (logged in with a password and a PIN) to another using PHP session cookies.

In the attack, Aleksander uses the Browser Exploitation Framework (BeEF), JavaScript and the web application security testing platform Burp Suite. I haven’t played with BeEF in a while, so it was good to see it in action again.

This demonstrates why it is important to test web applications for vulnerabilities like XSS. The video is definitely a must-see!
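
The defensive side of the session-cookie jump described above, as an added example that is not code from the video or from 7safe: a hypothetical PHP comment page showing stored input rendered raw next to the encoded form, with cookie flags that keep the PHP session ID away from page scripts. The function names and the sample comment are assumptions made up for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical comment page, not code from the video.

// Keep the PHP session cookie out of reach of page scripts and off plain HTTP.
function start_hardened_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,     // sent over HTTPS only
        'httponly' => true,     // not readable through document.cookie
        'samesite' => 'Strict', // not attached to cross-site requests
    ]);
    session_start();
}

// Call after a successful password + PIN check so a pre-login ID is useless.
function on_login_success(): void
{
    session_regenerate_id(true);
}

// Vulnerable: stored text goes into the page as markup.
function render_comment_unsafe(string $stored): string
{
    return '<p class="comment">' . $stored . '</p>';
}

// Hardened: stored text is encoded for the HTML body context on output.
function render_comment_safe(string $stored): string
{
    $encoded = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="comment">' . $encoded . '</p>';
}

if (PHP_SAPI !== 'cli') {
    start_hardened_session();
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}

// Constructed sample: a stored comment containing markup instead of plain text.
$stored = 'Great rates! <script>/* inert placeholder */</script>';

echo "unsafe: ", render_comment_unsafe($stored), PHP_EOL;
echo "safe:   ", render_comment_safe($stored), PHP_EOL;
```

Output encoding closes the injection point itself; the HttpOnly flag and the Content-Security-Policy header only limit what an injected script could reach if a page is missed.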